Enable the CA SSO Policy Server Resource Adapter on WebSphere

The identity administrator enables the CA Single Sign-On (CA SSO, formerly known as SiteMinder) Policy Server Resource Adapter. The purpose of the adapter is to validate the SMSESSION cookie. After validation, CA SSO® creates the user context.
cim141
The identity administrator enables the CA Single Sign-On (CA SSO, formerly known as SiteMinder) Policy Server Resource Adapter. The purpose of the adapter is to validate the SMSESSION cookie. After validation, CA SSO® creates the user context.
This procedure is specific to WebSphere. To learn the procedure for systems that use WildFly or WebLogic, see Enable the CA SSO Policy Server Resource Adapter.
Follow these steps:
  1. Open the WebSphere Admin Console using the following URL:
    http://<host-name>:9060/ibm/console/
  2. Browse to
    Applications
    ,
    Application Types
    , and then
    WebSphere Enterprise Applications
    . The available resources available appear in the
    Enterprise Applications
    window.
  3. Select
    iam_im
    , and then select the
    Configuration
    tab.
  4. Under
    Modules
    , select
    Manage Modules
    , and then select
    PolicyServerRA
    .
  5. Under
    Additional Properties
    , select
    Resource Adapter
    .
  6. Under
    Additional Properties
    , select
    J2C Connection Factories
    , and then select
    iam_im-PolicyServerConnection
    .
  7. Repeat steps 8 through 10 for another resource named
    com.netegrity.ra.policyserver.IPolicyServerConnectionFactory
    .
  8. Under
    Additional Properties
    , select
    Custom Properties
    .
  9. Edit the following properties to match your system:
    : The properties have sample values.
    • ValidateSMHeadersWit
      hPS:
      <true>
    • Enabled:
      <true>
    • ConnectionURL:
      <tail-sm6,44441,44442,44443>
    • UserNameL:
      <SiteMinder>
    • AdminSecret:
      <{PBES}:gSex2/BhDGzEKWvFmzca4w==>
    • AgentName:
      <imuser>
    • AgentSecret:
      <{PBES}:gSex2/BhDGzEKWvFmzca4w==>
    • Optionally
      , if you are using FIPS, set
      FIPSMode
      to true
  10. A message appears after you edit your selections. Select
    Save
    to directly save your changes to the master configuration.
    : To learn how to encrypt the password, see The Password Tool.
  11. To apply your changes, restart the Application Server.
A sample ra.xml configuration for WebSphere would appear in the admin console similar to the following graphic:
Sample WAS RA_XML.png
: To disable the CA SSO Integration, change the
Enabled
property to
false
, as ishown in the following graphic:
Disable WAS_SSO.png
For detailed instructions for removing CA SSO from an existing CA Identity Manager environment, see Remove CA SSO from the CA Identity Manager Deployment.